Technical Overview Of HP 3PAR File Persona Software Suite

Upload by : Samir Mcswain
Transcription

Technical white paper

Technical overview of HP 3PAR File Persona Software Suite

Truly converged file and object access for HP 3PAR StoreServ Storage

Table of contents

Introduction
Audience
Overview
Product highlights
Licensing
Architecture
HP 3PAR File Persona Software Suite concepts and terminology
Resiliency and high availability
Name services and authentication
Active Directory
Lightweight Directory Access Protocol (LDAP)
Local authentication
Authentication stack order
Authorization and permissions
Converged ACL
Access-based Enumeration (ABE)
Protocol support
SMB protocol
NFS protocol
Object Access API
Integration with Microsoft environment
Folder Redirection
Roaming User Profiles
Offline Files
Offloaded Data Transfer
DFS-Namespace
Microsoft Management Console
Antivirus scanning
Quota management
Data protection
User-driven local recovery
Administrator-driven recovery
Replication and disaster recovery
Backup and restore
Support for the HP 3PAR data services
Conclusion
Related documentation

Introduction

Modern IT organizations need their data centers to deploy, serve, manage, and report on different tiers of business applications, databases, virtual workloads, home directories, and file sharing all at the same time, to co-locate multiple systems, and to share power and energy. This is true for large as well as small environments. Modern IT would like to consolidate as much as possible to minimize cost and maximize efficiency of their data centers and branch offices. HP 3PAR StoreServ is highly efficient, flash-optimized storage engineered for the true convergence of block, file, and object access to help consolidate diverse workloads efficiently. HP 3PAR OS and converged controllers incorporate multiprotocol support into the heart of the system architecture.

Audience

This white paper provides an overview of the HP 3PAR File Persona Software Suite and the technical details about the features and core file data services included in the software suite. It is intended to assist the System Administrators, Solution Architects, Pre-sales engineers, and Professional Services Consultants who design, deploy, and administer the HP 3PAR StoreServ storage system in a home directory or corporate/group share environment.

Overview

HP 3PAR File Persona Software Suite is a licensed feature of HP 3PAR OS that enables a rich set of file protocols and core file data services on an HP 3PAR StoreServ system. As a feature of HP 3PAR OS, File Persona Software Suite inherits one of the industry's leading architectures and the Block Persona benefits of HP 3PAR StoreServ. It extends the spectrum of primary storage workloads natively addressed by HP 3PAR StoreServ from virtualization, databases, and applications via the Block Persona to include client workloads such as home directory consolidation, group and department shares, and corporate shares via the File Persona, all with truly Converged Controllers, truly agile capacity, and truly unified management.

HP 3PAR File Persona Software Suite tightly integrates into the data center by supporting the standard industry NAS protocols, the file services ecosystem such as authentication and authorization methods and antivirus servers, and a variety of client OSs, while managing it all with a single streamlined interface.

Product highlights

- Rich file protocols including Server Message Block (SMB) 3.0, 2.1, 2.0, and 1.0, and NFSv4.0 and v3.0 to support a broad range of client OSs.
- Object access application-programming interface (API) that enables programmatic data access via a representational state transfer (REST) API for cloud applications from virtually any device anywhere.
- Transparent Failover for clients via SMB 3.0 and NFS to allow for non-disruptive HP 3PAR OS upgrades or in the event of a controller failure.
- Performance acceleration leveraging HP 3PAR Adaptive Flash Cache for read intensive workloads.
- Data compaction via thin built-in zero detect and HP 3PAR Thin Provisioning, plus data optimization via the separately licensed HP 3PAR Adaptive Optimization and HP 3PAR Dynamic Optimization.
- Comprehensive data protection with point-in-time File Store snapshots for user-driven file recovery, support for third-party antivirus software, network share and Network Data Management Protocol (NDMP)-based backup/restore, and disaster recovery replication via the separately licensed HP 3PAR Remote Copy.
- Security of Federal Information Processing Standard (FIPS) 140-2 validated Data-at-Rest (DAR) Encryption as an optional additional measure to prevent unauthorized data access.
- Seamless integration with a broad range of IT infrastructure. This includes Active Directory for Microsoft-based IT infrastructure including core Microsoft data services, such as Folder Redirection, Offline Files, Roaming User Profiles, distributed file system (DFS)-Namespace, and Microsoft Management Console. It also includes Lightweight Directory Access Protocol (LDAP) and local user authentication for Linux-based IT infrastructure.
- Single management interface for file and block through HP 3PAR StoreServ Management Console (SSMC) GUI with a performance dashboard, custom reports capability, and HP 3PAR OS CLI.

Licensing

HP 3PAR File Persona Software Suite uses a capacity-based licensing approach, so there is a 1 TB software LTU for each of the HP 3PAR StoreServ 7000c series models (7200c, 7400c, 7440c, and 7450c). The 1 TB software LTU for a particular platform is a single stock-keeping unit (SKU) irrespective of the drive type or drive capacity, and it includes all file protocols (SMB, NFS, and Object Access API) and core file data services. A specific number of 1 TB LTUs needs to be purchased for every TB of usable file capacity on these 7000c converged controllers.

The only additional hardware required for HP 3PAR File Persona Software Suite is the NICs in the HP 3PAR StoreServ array: the 4-port 1GbE NIC or the 2-port 10GbE NIC.

Architecture

HP 3PAR File Persona Software Suite concepts and terminology

HP 3PAR StoreServ File Persona Software Suite comprises the following managed objects:

- File Provisioning Groups (FPGs)
- Virtual File Servers (VFSs)
- File Stores
- File Shares

The File Persona Software Suite is built upon the resilient mesh-active architecture of HP 3PAR StoreServ and benefits from the HP 3PAR storage foundation of wide-striped logical disks and autonomic Common Provisioning Groups (CPGs). A CPG can be shared between file and block to create the File Shares or the logical unit numbers (LUNs) to provide the true convergence. Figure 1 represents the four managed objects for HP 3PAR File Persona Software Suite within HP 3PAR OS.

Figure 1. HP 3PAR File Persona logical view

A File Provisioning Group (FPG) is an instance of the Adaptive File System, which is HP intellectual property. It controls how files are stored and retrieved. Each File Provisioning Group is transparently constructed from one or multiple Virtual Volumes (VVs) and is the unit for replication and disaster recovery for File Persona Software Suite. Up to 16 FPGs are supported on a node pair.

A Virtual File Server (VFS) is conceptually like a server. As such, it presents virtual IP addresses to clients, participates in user authentication services, and can have properties for such things as user/group quota management and antivirus policies. Up to 16 VFSs are supported on a node pair, one per FPG.

File Stores are the slice of a Virtual File Server and File Provisioning Group at which snapshots are taken, capacity quota management can be performed, and antivirus scan service policies customized. Up to 256 File Stores are supported on a node pair, 16 File Stores per VFS.

File Shares are what provide data access to clients via SMB, NFS, and the Object Access API, subject to the share permissions applied to them. Multiple File Shares can be created for a File Store and at different directory levels within a File Store.

File Shares and VFSs are managed as normal operations via StoreServ Management Console. File Stores and FPGs are typically managed explicitly for advanced operations only.

Resiliency and high availability

HP 3PAR File Persona Software Suite uses a mission-critical proven HP intellectual property-based 64-bit journaling file system that has been optimized for high metadata-driven workloads such as home directory consolidation and corporate/group shares.

HP 3PAR File Persona Software Suite benefits from the inherited HP 3PAR StoreServ resiliency. In case of an event requiring node failover, the File Persona Software Suite will fail over to the other node in the node pair, and the VFS ownership changes to the other node. Depending on the protocol, the failovers are transparent to the users.

Figure 2. HP 3PAR File Persona high availability

Name services and authentication

Name services refers to user account name and group name resolution/lookups from user and group databases like Active Directory, LDAP, or a local user database. Name resolution refers to user, group, or host name lookup in the respective Name Services databases. Authentication and authorization are essential components of home directories consolidation and corporate/group shares in the data center. Any user trying to access his home directory over the network needs to be identified as himself with his associated credentials. The process of identifying an individual, usually based on a username and password, is called authentication. HP 3PAR File Persona Software Suite supports three types of Name Services: Active Directory, LDAP, and local database. It supports Kerberos, NT LAN Manager version 2 (NTLMv2), and NTLM types of authentication for Active Directory and LDAP users, along with support for authentication for local users and groups.

The File Persona Software Suite uses the local user authentication method as the default, but Active Directory and LDAP services can be added to the authentication stack for the user and group name lookup. Picking the correct order optimizes the performance of account name lookups. The stacked authentication lookup order is persistent during the failover.

Note
Authentication should generally be configured before starting to write data to the system, to avoid any implications of changes to the authentication scheme.

Active Directory

Active Directory is a directory service primarily used in Windows environments, where Kerberos, NTLMv2, and NTLM are the primary types of authentication. HP 3PAR File Persona Software Suite supports user credential authentication using Kerberos, NTLMv2, or NTLM authentication in Active Directory based on the authentication stack order defined within File Persona Software Suite. Active Directory performs name lookups and authentications for user accounts and groups, and all user name lookups are stored in the Active Directory name cache on the File Persona node. This cache is referenced or populated for every user name request and will be cleared when the File Persona is restarted.

The File Persona node joins the Windows Active Directory domain, where it creates the computer account for the File Persona node. The computer name created in the AD domain is in the format of the HP 3PAR StoreServ system name plus the node number (e.g., deptserver-0.sales.hp.com¹). Use the showfs -ad command at the HP 3PAR OS CLI to check whether the node has joined the Active Directory domain properly.

Note
- Networking node IP addresses, gateway, and Domain Name System (DNS) should be configured on the File Persona node before attempting to associate to LDAP or Active Directory.
- NTP should be configured for the HP 3PAR StoreServ system such that the array and the domain controller are relatively in sync before attempting an Active Directory join, or the join may fail.

Lightweight Directory Access Protocol (LDAP)

LDAP is most commonly used in Linux/UNIX environments, where customers have users that connect to SMB or NFS shares on an HP 3PAR StoreServ system running File Persona Software Suite. The LDAP provider uses ldapsearch requests to look up users and groups by name or security identifier (SID). SIDs are formulated based on an SID prefix and user ID (UID)/group ID (GID) when the POSIX schema template is configured. It also provides NTLM or NTLMv2 authentication by matching a user-supplied password with a Windows-encrypted password stored in LDAP. The LDAP schema attribute it uses depends on the schema template used. The File Persona SMB server can be configured to use either Samba or POSIX schema, but only one schema at a time. Use the showfs -ldap command at the CLI to check the status of LDAP authentication.

The LDAP connection for File Persona Software Suite can use one of three categories:

- Simple connection: The authentication is done through plain text.
- Secure Sockets Layer (SSL): The authentication is done through NTLM and uses the LDAP server's fully qualified domain name (FQDN) to connect. The communication will be established on port 636 by default.
- Transport Layer Security (TLS): The authentication is done through NTLM and uses the LDAP server FQDN to connect. The communication will be established on port 389 by default.

Local authentication

Local authentication will often be used in smaller Windows or Linux/UNIX environments. Each node has a copy of the local user database. All changes to the local accounts database are replicated to all File Persona nodes in a system. Local users are authenticated using NTLMv2 authentication by default. The password is stored in encrypted form in the local user database. UIDs and GIDs are assigned automatically if not specified during their creation. The Storage Administrator should make sure that IDs are unique across the name services.

¹ Windows 2000 and above DNS domain names support up to 24 characters in the hostname. Make sure to follow Microsoft guidelines for the hostname character length.

Authentication stack order

The authentication stack order can be configured from the SSMC after enabling Advanced options in the Configure File Persona menu. Local Users & Groups must be included in the Provider Order, while LDAP and Active Directory are optional. Active Directory and Local Users & Groups are the default stacking order (see figure 3), and as a best practice, there should not be a value in the stacking order that is not configured. To show the configured stacking order on the CLI, use showfs -auth. Note that the stacking order is configured separately from the authentication methods, and if a method is not in the stack, users will not be able to authenticate using that method.

Figure 3. Configuring the authentication stack order

Note
The authentication and authorization method used for HP 3PAR File Persona Software Suite is separate from the security method used for management of the HP 3PAR StoreServ array (Management Console and CLI). For instance, management access to the array can use the local authentication and authorization method (on the HP 3PAR StoreServ nodes), while HP 3PAR File Persona is using Active Directory for authentication and authorization.

Authorization and permissions

Authorization is a process used to verify what effective permissions a user (or group) has on files or folders. Authorization is performed by comparing user account or member names of a group with the permissions on file storage resources such as files or directories. Only authorized users (or groups) are allowed to access any file or folder, while the rest are denied access. For shared folder access, the user has to go through the share permissions first to check if the user is authorized to access that share. An ACL is a list of access control entries (ACEs). Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee. SMB users are granted access based on the advanced access rights allowed through NTFS ACL permissions set on files and directories. NFS users are granted access based on the POSIX or NFSv4 ACLs set on files or directories. The user's name or UID and all group memberships/GIDs are evaluated in determining access to files and directories. The most restrictive user rights are honored when granting access to files and folders.

Converged ACL

HP 3PAR File Persona Software Suite uses the advanced HP Adaptive File System, which is designed to store the converged ACLs on disk in the NFSv4.1 ACL format for all files and directories and to convert the ACLs to each protocol-specific ACL for SMB, NFS, or HTTP clients, as described in table 1. The Adaptive File System also performs the name resolution for the username from the protocol-specific username format to user principal name (UPN) format to store on the disk.

Table 1. Converged ACLs

| Converged ACL stack | SMB | NFSv3 | NFSv4 | Object Access API over HTTP |
| --- | --- | --- | --- | --- |
| ACLs enforcer | SMB server | FPG (file system) | FPG (file system) | FPG (file system) |
| ACLs enforced by File Persona | NTFS ACLs | POSIX ACLs | POSIX ACLs | POSIX ACLs |
| On-disk ACLs stored | NFSv4.1 ACLs | NFSv4.1 ACLs | NFSv4.1 ACLs | NFSv4.1 ACLs |

Name resolution: Domain\username user@domainname UID/GID user@domainname user@domainname user@domainname Domain\username user@domainname

Note
HP 3PAR File Persona Software Suite supports file locking within a protocol but not across protocols, so accessing the same file simultaneously from different file protocols is not supported. This restriction does not preclude the access of the directory or files by any file protocol at different times; e.g., all locks held by SMB clients are honored by other SMB clients.

Access-based Enumeration (ABE)

HP 3PAR File Persona Software Suite supports Access-based Enumeration, which is a very useful feature in the home directories consolidation scenario. Access-based Enumeration is a Microsoft Windows feature which, when applied on an SMB share, allows users to list only the files and folders to which they have access when browsing content on the file share. This avoids the confusion that can be caused when users connect to a file share and encounter a large number of files and folders that they cannot access. This feature allows administrators to control the display of files and folders according to a user's access rights. Therefore, when applied on a shared folder that contains many home directories, users who access the shared folder can see only their personal home directories; other users' folders are hidden from view. This can also be used on group shares with a common set of files or application data accessed by a group of users.

In addition to protecting sensitive information at your workplace, ABE enables administrators to simplify the display of large directory structures for the benefit of users who do not need access to the full range of content. End users see only the files and folders that they are responsible for, rather than looking through a busy folder structure with hundreds of users' folders in it. Administrators can be more productive because they don't have to help less-skilled users navigate through dense shared folders. Enabling ABE in File Persona is done by specifying the -abe true option when creating the File Share: createfs smb -abe true vfs sharename. The SSMC can also be used to enable this when creating or modifying the File Share (see figure 4 [enable the Advanced options]).

Figure 4. Enable ABE on file share
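The ACE evaluation from "Authorization and permissions" and the listing behaviour of Access-based Enumeration, as an added Python example that is not part of the HP white paper and is not File Persona code. All names (Ace, User, HOMES, the functions) are hypothetical, and the rule that a matching deny ACE overrides any allow ACE is an assumed simplification of "the most restrictive user rights are honored", not the on-disk NFSv4.1 evaluation.

```python
"""Added example: ACE evaluation and Access-based Enumeration on a home share.

Simplified model with constructed data, not File Persona code.
Assumption: a matching deny ACE overrides any matching allow ACE.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set

READ, WRITE = "read", "write"


@dataclass(frozen=True)
class Ace:
    trustee: str             # user or group the entry applies to
    kind: str                # "allow" or "deny"
    rights: FrozenSet[str]


@dataclass(frozen=True)
class User:
    name: str
    groups: FrozenSet[str] = frozenset()


def ace(trustee: str, kind: str, *rights: str) -> Ace:
    if kind not in ("allow", "deny"):
        raise ValueError(f"unknown ACE type: {kind}")
    return Ace(trustee, kind, frozenset(rights))


def effective_rights(acl: List[Ace], user: User) -> Set[str]:
    """Evaluate the user's name and every group membership against the ACL."""
    trustees = {user.name} | user.groups
    allowed: Set[str] = set()
    denied: Set[str] = set()
    for entry in acl:
        if entry.trustee in trustees:
            (allowed if entry.kind == "allow" else denied).update(entry.rights)
    return allowed - denied  # most restrictive result wins


def share_listing(entries: Dict[str, List[Ace]], user: User, abe: bool) -> List[str]:
    """Names shown when browsing the share; ABE hides unreadable entries."""
    if not abe:
        return sorted(entries)
    return sorted(n for n, acl in entries.items()
                  if READ in effective_rights(acl, user))


def can_read(entries: Dict[str, List[Ace]], user: User, name: str) -> bool:
    """The ACL decides access whether or not ABE filtered the listing."""
    return name in entries and READ in effective_rights(entries[name], user)


# Constructed sample: a share holding two home directories and a group folder.
HOMES: Dict[str, List[Ace]] = {
    "alice": [ace("alice", "allow", READ, WRITE), ace("admins", "allow", READ, WRITE)],
    "bob": [ace("bob", "allow", READ, WRITE), ace("admins", "allow", READ, WRITE)],
    "shared": [ace("staff", "allow", READ, WRITE), ace("contractors", "deny", WRITE)],
}
ALICE = User("alice", frozenset({"staff"}))
BOB = User("bob", frozenset({"staff", "contractors"}))
ADMIN = User("root_admin", frozenset({"admins"}))

if __name__ == "__main__":
    for abe in (False, True):
        print(f"ABE={abe}: alice sees {share_listing(HOMES, ALICE, abe)}")
    print("alice can read bob's home:", can_read(HOMES, ALICE, "bob"))
    print("bob's rights on shared:", sorted(effective_rights(HOMES["shared"], BOB)))
```

With ABE off, alice still sees the name of bob's folder but the ACL denies her access to it; ABE changes what is displayed, while the ACL remains the control that enforces access.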

Protocol support

SMB protocol

The SMB protocol is the most widely used protocol for home directory access and brings a robust feature set for enterprise file sharing. File sharing protocols provide central management of data using a client/server method, reduce administrative overhead, and provide granular access control to the files.

The SMB protocol is the default protocol used by Windows clients, but there are also Mac, Linux, and Samba clients that use the SMB protocol to connect to an SMB file server. It brings a variety of security, performance, resiliency, and efficiency features that help customers to offer home directories, group/department shares, and corporate shares to their clients.

The SMB File Share can be created using createfshare smb [options arg] vfs sharename, instructing the File Share to use the SMB protocol.

Figure 5. Creating SMB file share

HP 3PAR File Persona Software Suite supports SMB 3.0, 2.1, 2.0, and 1.0. This includes the advanced SMB 3.0 protocol feature of Transparent Failover; SMB opportunistic locks (oplocks) and leases (file and directory) for all SMB versions; and crediting and large maximum transmission unit (MTU) size for SMB 2.x and later versions. In addition to these SMB protocol features, File Persona Software Suite also supports Offloaded Data Transfer (ODX) features of Microsoft Windows 2012.

Table 2. SMB protocol version supported with various operating systems
Columns: OS, SMB 3.0, SMB 2.1, SMB 2.0, SMB 1.0
Operating systems listed: Windows 8/8.1, Windows Server 2012 R2; Windows 7, Windows Server 2008 R2; Windows Vista, Windows Server 2008; Windows XP, Windows Server 2003 R2; Mac OS 10.8, 10.9

Transparent Failover

SMB Transparent Failover is one of the key features in the feature set introduced in SMB 3.0 with Windows Server 2012 and Windows 8 OSs. SMB Transparent Failover enables administrators to configure Windows File Shares to be continuously available. Using continuously available File Shares, administrators can perform hardware or software maintenance on any cluster node without interrupting the client connections that store their data files on these File Shares. Also, in case of a hardware or software failure, the clients will transparently reconnect to another cluster node without any disruption to the user connections. To benefit from SMB Transparent Failover, both the SMB client computer and the SMB server computer must support SMB 3.0 at a minimum. Computers running down-rev SMB versions, such as 1.0, 2.0, or 2.1, can connect and access data on a file share that has the continuously available property set, but will not be able to leverage the benefits of the SMB Transparent Failover feature.

SMB Oplocks and Leases

Opportunistic locks, or oplocks, are a client caching mechanism that allows SMB/SMB 2.0 clients to decide the client-side buffering strategy dynamically, so the network traffic can be minimized to improve performance. In SMB 2.1, the client oplock lease model allows oplocks to be held by a client for enhanced file and handle caching opportunities for the SMB client. This feature brings performance improvement by reducing network bandwidth consumption, greater file server scalability, and better response time when accessing the files over a network. The only disadvantage of the file-level oplocks or leases is that if there are any changes in the files and folders on the file server, clients with the cached listing of that directory would not be aware of the changes when the directory listing is refreshed locally. In SMB 3.0, the directory-leasing feature improves this behavior by allowing the SMB client to cache the directory and file metadata together in a consistent manner for a longer duration. Clients are notified when directory information on the server changes, and the data resynchronizes and updates the cache. This feature is designed to work with users' home folders (read/write with no sharing) and published shares (read-only with sharing). This results in improved network performance and faster response time.

SMB Crediting

SMB 2.0 and above use a credit-based flow control, which allows the server to control a client's behavior. The server will start with a small number of credits and automatically scale up as needed. With this, the protocol can keep more data "in flight" and better utilize the available bandwidth. It makes it easy for clients to send a number of outstanding requests to a server. This allows the client to build a pipeline of requests instead of waiting for a response before sending the next request. This is especially relev
